MTPOS Cloud POS System - Manage Password pattern

Password pattern

MT-POS, by design, supports simultaneous sessions for a user from the same IP, on up to 2 devices.

This is to ensure that, in case there is any issue with the device where user is logged, the user has the ability to resume the activities, by logging into another device instead of waiting for the session to expire.

The Sign-In Activity screen allows you to track active sessions and terminate them, if required..

Access Restrictions

There are 2 cases in which user authentication will fail:

The username and password pair supplied is not valid.
The username is not valid (no such user exists).

In case the same username is supplied more than 3 times within a 5-minute window, and fails authentication repeatedly, MT-POS system will lock this user from login for the next 30 minutes (even if the username is not valid). For valid users, there is an unlock mechanism available in MT-POS User Management screen.

Authentication using a pattern

MT-POS supports user authentication with pattern. If a user has setup a pattern for authentication, then after login the user can select to authenticate using a pattern instead of using a password.

User cannot use pattern to login to the application. Patterns can only be used in authentication prompts after the login has been successful.

Pattern authentication is done internally in MT-POS.

Note: Pattern is kept hashed, with Pepper and Salt using Argon2 password hashing algorithm.

To setup a pattern, select the “My Profile” icon and click the “Change Pattern” link.

Change password pattern screen

Enter your password, and then click on the 'Change Pattern' button to setup a new pattern, or 'Delete Pattern' to remove the current setup pattern.

When a pattern already exists and the user is changing the pattern, then the new pattern will replace the existing one.

Note: For clarity, this pattern is in MT-POS itself. It is separate from any biometric or pattern authentication in iOS or other system.

When selecting 'Delete Pattern', the user will be authenticated with LDAP and then the existing pattern will be removed and cannot be used for further authentication.

Password pattern panel

Pattern panel

Draw the pattern (need to repeat twice). MT-POS will record the new pattern MT-POS database.

When a user has a pattern setup, they will see a pattern authentication icon on the password field on MT-POS authentication screens:

A click on the icon will present the pattern authentication screen:

When authenticating in this mode, the pattern is validated against MT-POS database, and no call is made to LDAP.